LOB Access with Mobile Device Manager

2/9/2009

The following are four ways that you can configure System Center Mobile Device Manager to route internal line-of-business (LOB) traffic:

  • Direct access by using NetBIOS name: The LOB application that is running on the managed Windows Mobile device sends a request to the NetBIOS name of an LOB service that resides within the company internal or perimeter network. The managed device transmits this message through the virtual private network (VPN) tunnel. Based on the local routing table, MDM Gateway Server forwards the message to the next router, also known as the next network hop, which then sends it to the server that hosts the LOB service.

    Note

    For direct access to work by using a NetBIOS name, WINS must be available and MDM Gateway Server must configure the WINS servers in the device as part of the VPN negotiation.

  • Direct access by defining networks or domains that map to the company network: During the provisioning process, you can use Group Policy settings to configure the list of company-internal destinations on the managed device. After the company network destinations are configured on the managed device, the LOB application that is running on the device sends a request to an LOB service that resides within the company internal or perimeter network. This LOB service destination is listed in the company network list. Network traffic then moves from the managed device through the VPN tunnel, bypassing the provisioned proxy. Based on the local Windows-based operating system routing table, MDM Gateway Server forwards this message to the next network hop.

  • Proxy access (Web proxy traffic): In this case, a proxy was configured for network access when the Mobile VPN connected. The LOB application that is running on the managed device sends a request to an LOB service that resides within the company internal or perimeter network. The destination URL is a fully qualified domain name (FQDN) or an IP address. The managed device sends the request to the provisioned proxy through the VPN tunnel. MDM Gateway Server queries the local Windows-based operating system routing table for the proxy location. The proxy receives this message, applies the proxy policy, changes the message's source IP address, and then forwards it to the destination LOB service.

  • Direct access: In this case, no proxy was configured for network access when the Mobile VPN connected. The LOB application that is running on the managed device sends a request to an LOB service that resides within the company internal or perimeter network. The destination URL is an FQDN or an IP address. The managed device sends the request to MDM Gateway Server directly. MDM Gateway Server queries the local Windows-based operating system routing table for the LOB service location and then sends the request to the destination LOB service.
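
To see which LOB destinations would skip proxy policy under a given company network list, the following added example (not part of the original documentation and not MDM code) models the four paths in Python. The precedence of the checks, the single-label NetBIOS test, the CIDR and domain-suffix matching rules, and all names and sample values are assumptions.

```python
import ipaddress

# Constructed sample policy and destinations (not taken from any real deployment).
COMPANY_NETWORKS = ["10.20.0.0/16"]
COMPANY_DOMAINS = ["corp.example.com"]
SAMPLE_DESTS = ["PAYROLL01", "crm.corp.example.com", "10.20.5.9",
                "partner.example.net", "192.0.2.10"]


def classify_route(dest, networks, domains, proxy_configured, wins_pushed=True):
    """Name the path a request to `dest` takes in this simplified model."""
    try:
        ip = ipaddress.ip_address(dest)
    except ValueError:
        ip = None
    if ip is not None:
        # IP literal: direct if it falls inside a listed company network.
        if any(ip in ipaddress.ip_network(n) for n in networks):
            return "direct-company-network"
    else:
        host = dest.lower().rstrip(".")
        if "." not in host:
            # Single-label name, treated as NetBIOS (assumption); it only
            # resolves if WINS servers were set during VPN negotiation.
            return "direct-netbios" if wins_pushed else "netbios-needs-wins"
        # Suffix match on a label boundary (assumed matching rule), so
        # "notcorp.example.com" does not match "corp.example.com".
        for d in (x.lower().strip(".") for x in domains):
            if host == d or host.endswith("." + d):
                return "direct-company-network"
    # Everything else follows the provisioned proxy when one exists.
    return "proxy" if proxy_configured else "direct"


def bypasses_proxy(dests, networks, domains):
    """Destinations that skip proxy policy even though a proxy is provisioned."""
    return [d for d in dests
            if classify_route(d, networks, domains, proxy_configured=True) != "proxy"]


if __name__ == "__main__":
    for dest in SAMPLE_DESTS:
        print(dest, "->", classify_route(dest, COMPANY_NETWORKS, COMPANY_DOMAINS, True))
    print("bypass proxy:", bypasses_proxy(SAMPLE_DESTS, COMPANY_NETWORKS, COMPANY_DOMAINS))
```

Reviewing the output of `bypasses_proxy` against the intended company network list shows which LOB services are reachable without proxy policy being applied.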